Online stored based on Magento hacked to steal card data, run cryptojacking scripts

Security researchers have identified 1000+ magento sites that have been hacked by hackers and infected them with malicious scripts which can be used to steal credit card data, deliver malware or run crypto mining scripts.

"The Magento sites are being compromised through brute-force attacks using common and known default Magento credentials," Flashpoint researchers say.

How the hacking took place ?

When users install magento they get a default credentials and in most of the cases brute force attack was sued to compromise the sites. Once attackers gain access to these sites, researchers say they've observed three main patterns of malicious activities.

The most common practice is to insert malicious code in Magento core files, code that logs payment card information entered inside the checkout process. Such malware is named a card scraper, and users should expect to find one on any e-commerce store that looks to have missed a few updates.

Second, attackers also deploy cryptojacking scripts that mine Monero on the computers of store visitors, a practice that has become quite common these days, across all sites, not just Magento stores.

Last but not least, hackers also use these compromised Magento stores to redirect some of the infected sites' visitors to malicious sites that attempt to trick users into downloading and installing malware on their computers. According to cases investigated by Flashpoint researchers, the most prevalent tactic was to redirect users to sites offering phony Adobe Flash Player update packages, which would infect users with the AZORult infostealers.